CVE-2023-1997

Name of the Vulnerable Software and Affected Versions SIMULIA 3DOrchestrate versions 3DEXPERIENCE R2021x through 3DEXPERIENCE R2023x

Description An OS Command Injection issue exists, allowing arbitrary command execution through a specially crafted HTTP request.

Recommendations For SIMULIA 3DOrchestrate versions 3DEXPERIENCE R2021x through 3DEXPERIENCE R2023x, consider restricting access to vulnerable HTTP endpoints until a patch is available. As a temporary workaround, avoid using vulnerable parameters in HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.